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DETAILED ACTION 

1 . Claims 1-24 are presented for examination. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent,, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-24 are rejected under 35 U.S.C. 102(e) as being anticipated by Kiyoto 
et al hereafter Kiyoto (US patent application 20040181689). 

3. As per claim 1 , Kiyoto discloses a method comprising: collecting security 
information from the nodes of the enterprise under audit; analyzing the security 
information and providing a first result of this analysis (paragraphs, 001 1 , 0016, 0042, 
0049); and comparing this first result with a second result comprising security standards 
applicable to the enterprise under audit and one or more other enterprises that together 
form a relevant peer group, the result of this comparing step indicating the relative 
security of the enterprise under audit relative to that of the peer group of enterprises 
(abstract, paragraphs 0017, 0018, 0079-0081). 
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4. As per claim 2, Kiyoto discloses the method wherein, in the comparing step, the 
second result comprises information derived from industry standards applicable to the 
relevant peer group of enterprises (abstract, paragraphs, 0017, 0018, 0079-0081). 

5. As per claim 3, Kiyoto discloses the method wherein, in the comparing step, the 
second result comprises information derived from information previously obtained 
through application of the collecting and analyzing steps to two or more enterprises in 
the relevant peer group (paragraphs, 001 5-0016). 

6. As per claim 4, Kiyoto discloses the method comprising the step of generating at 
least one report that presents the first and second results arranged in a way that 
facilitates their comparison (abstract, paragraphs, 0017, 0018, 0079-0081). 

7. As per claim 5, Kiyoto discloses the method wherein the generating step includes 
presenting the first and second results each broken down into several results relating to 
several different areas of security, with a first and a second result presented for each 
different area of security and arranged in a way that facilitates their comparison 
(paragraphs, 0011, 0016, 0042, 0049). 

8. As per claim 6, Kiyoto discloses the method wherein, in the generating step, the 
results relating to several different areas of security comprise results arising from 
analysis of personnel security information and physical security information, at least 
some of the information included in the first result having been gathered using 
interviews during the collecting step (paragraphs, 0011). 

9. As per claim 7, Kiyoto discloses the method wherein, in the generating step, the 
results relating to several different areas of security comprise results arising from 
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analysis of password security information and file access permission security 
information (abstract, paragraphs 001 7, 001 8, 0079-0081 ). 

10. As per claim 8, Kiyoto discloses the method wherein, in the generating step, the 
results relating to several different areas of security further comprise results arising from 
analysis of personnel security information and physical security information, at least 
some of the information included in the first result having been gathered using 
interviews during the collecting step (paragraphs, 0015-0016). 

11. As per claim 9, Kiyoto discloses the method wherein, in the generating step, the 
several different areas of security comprise one or more results of analysis of node 
configuration security information and one or more results of analysis of security 
information gathered using interviews (paragraphs, 0017-0018). 

12. As per claim 10, Kiyoto discloses the method wherein, in the generating step, the 
one or more results of analysis of node configuration security information comprise 
results arising from analysis of password security information (paragraphs, 0038). 

1 3. As per claim 1 1 , Kiyoto discloses the method wherein, in the generating step, the 
one or more results of analysis of node configuration security information comprises 
results arising from analysis of file access permission security information (paragraphs, 
0041-0042). 

14. As per claim 12, Kiyoto discloses the method, wherein the generating step 
generates at least two comparative reports in different formats for different requesting 
parties or uses, and in particular one for technical experts that includes technical 
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language and details and another for non-technical-experts that substantially excludes 
technical language and details (paragraphs, 0011, 0016, 0042, 0049). 

15. As per claim 13, Kiyoto discloses the method, to which is added: generating. and 
executing commands to alter the security information of one or more nodes to improve 
system security in at least some cases when the analysis or comparison or both 
indicate security is in need of improvement (abstract, paragraphs 0017, 0018, 0079- 
0081). 

16. As per claim 14, Kiyoto discloses the method comprising; generating at least one 
report that presents the first and second results arranged in a way that facilitates their 
comparison (abstract, paragraphs 0017, 0018, 0079-0081 ). 

17. As per claim 15, Kiyoto discloses the method wherein the generating commands 
step generates commands which force the deactivation or correction of one or more 
passwords when the analysis or comparison or both indicate that these one or more 
passwords are not sufficiently secure (abstract, paragraphs 0017, 0018, 0079-0081). 

18. As per claim 16, Kiyoto discloses the method wherein the generating commands 
step generates commands which force alteration of one or more configuration file or 
control file access permissions if the analysis or comparison or both indicate that the 
access permissions assigned to these one or more files do not provide adequate 
system security (paragraphs, 0011, 0016, 0042, 0049). 

19. As per claim 17, Kiyoto discloses a system comprising: a plurality of nodes within 
the enterprise under audit; collectors associated with the nodes and arranged to collect 
from the nodes information concerning the security of the enterprise under audit 
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(paragraphs, 001 1 , 0016, 0042, 0049); a security analyzer arranged to analyze the 
information concerning the security of the enterprise under audit and to provide a first 
result of this analysis; a data base containing a second result comprising security 
standards applicable to the enterprise under audit and one or more other enterprises 
that together form a relevant peer group; and a comparison mechanism arranged to 
compare the first and second results to determine the relative security of the enterprise 
under audit in comparison to that of the enterprises in the relevant peer group (abstract, 
paragraphs 0017, 0018, 0079-0081). 

20. As per claim 18, Kiyoto discloses a system is added: a report generator that 
generates at least one report which presents the first and second results arranged each 
broken down into several results relating to several different areas of security, with a 
first and second result presented for each different area of security and arranged in a 
way that facilitates their comparison (abstract, paragraphs 001 7, 001 8, 0079-0081 ). 

21 . As per claim 19, Kiyoto discloses a system is added: change agents associated 
with the nodes and able to execute commands that alter node configuration information; 
and a command generator that provides commands to the change agents on selected 
nodes to alter node configuration information to improve system security in response to 
the analyzer or comparison mechanism or both determining security improvements are 
needed (paragraphs, 001 1 ). 

22. As per claim 20, Kiyoto discloses a system wherein the command generator 
includes a mechanism that can generate commands which, when executed, cause one 
or more of the change agents to force the deactivation or correction of one or more 
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secure passwords if the security analyzer or comparison mechanism or both determine 
that one or more passwords are not sufficiently secure (paragraphs, 0017-0018). 

23. As per claim 21 , Kiyoto discloses a system wherein the command generator 
included a mechanism that can generate commands which, when executed, cause one 
or more of the change agents to force the alteration of the access permissions of one or 
more configuration files or control files if the security analyzer or comparison 
mechanism or both determine that the access permissions assigned to one or more 
such files do not provide sufficient security (abstract, paragraphs 0017, 0018, 0079- 
0081). 

24. As per claim 22, Kiyoto discloses a system comprising: a plurality of nodes within 
an enterprise under audit; collector means associated with the nodes for collecting 
information from the nodes concerning the security of the enterprise under audit 
(paragraphs, 0011, 0016, 0042, 0049); security analyzer means for analyzing the 
information concerning the security of the enterprise under audit and for providing a first 
result of this analysis; data base means for storing and for presenting a second result 
comprising security standards applicable to the enterprise under audit and one or more 
other enterprises that together form a relevant peer group; and comparison means for 
comparing the first and second results to determine the relative security of the 
enterprise under audit in comparison to that of the enterprises in the relevant peer group 
(abstract, paragraphs 001 7, 001 8, 0079-0081 ). 

25. As per claim 23, Kiyoto discloses a system in accordance with claim 22 to which 
is added report generation means for generating at least one report which presents the 
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first and second results each broken down into several results relating to several 
different areas of security, whith a first and second result presented for each different 
area of security and arranged in a way that facilitates their comparison (abstract, 
paragraphs 0017, 0018, 0079-0081). 

26. As per claim 24, Kiyoto discloses a system is added change agent means 
associated with the nodes for executing commands that alter node configuration 
information; and command generator means for providing commands to the change 
agent means on selected nodes as needed to alter system configuration information to 
improve system security in response to the security analyzer means or the comparison 
means or both determining that security improvements are needed (paragraphs, 0011). 

Conclusion 

27. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Mohammad w. Reza whose telephone number is 571- 

272- 6590. The examiner can normally be reached on M-F (9:00-5:00). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, MOAZZAMI NASSER G can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
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applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Mohammad Wasim Reza 
AU2136 
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